Items Tagged with "Security Strategies"
April 16, 2012 Added by: Daniel Blander
As security professionals, we eagerly hone our skills and immerse ourselves in the latest research. Yet too many of us feel that we are marginalized, and become frustrated at our lack of professional advancement. What could be the problem and how can we overcome it?
April 15, 2012 Added by: Chris Blask
The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects of securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...
April 15, 2012 Added by: Allan Pratt, MBA
No one wants to think that disaster will strike, but it’s better to have policies in place and not need them – because you never know when you may encounter an iceberg - especially for those of us who live and breathe in the information security arena...
April 12, 2012
We were fortunate to get an interview with HP's Global Software Security Evangelist Rafal Los at Black Hat Europe where he speaks about threat modeling and how we can stop determined attackers. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...
April 12, 2012 Added by: Rafal Los
You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...
April 10, 2012 Added by: Rafal Los
Everything you do as an infosec leader needs to be aligned to your organization's mission statement and goals. Everything you do, every security-related decision you make, and every purchase and project you sign off on must first and foremost be aligned to the organization...
April 09, 2012 Added by: Neira Jones
Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...
April 06, 2012 Added by: Rafal Los
Practicing the OODA Loop for incident response is critical to making sure you avoid panic-induced decisions which could be catastrophic. If you're already formulating excuses as to why you won't be able to practice - just forget this altogether...
April 04, 2012 Added by: Rafal Los
There are any number of possible decisions to be made in an infosec OODA Loop cycle. Sometimes the most basic decision to be made is whether to act or to hold your position. Too often infosec tends to look at a potential event and assume that the response must be action...
April 03, 2012 Added by: Robb Reck
Its very nature makes security difficult for people to readily accept. Security really is hard. It is inconvenient. It takes a 10 minute process and turns it into 11, 15, 30 or 60 minutes. Why wouldn’t our people give pause when security comes with these kinds of burdens?
April 03, 2012 Added by: Rafal Los
In infosec, if you've worked at companies who are doing security poorly and getting ravaged by hackers, your first inclination may be desperation when your digital assets are under attack. It's hard to completely wipe the slate clean from previous experiences...
April 01, 2012 Added by: Rafal Los
Infosec is in a constant chess match with the opposition. In order to have some way of fighting this asymmetric digital warfare, we need to have an organized, formalized way of identifying current threats and reacting in near-real-time in order to reach a state of detente...
March 30, 2012 Added by: Steven Fox, CISSP, QSA
Rarely are non-security staff engaged in risk control discussions – a lack of interaction that disenfranchises those who will interact with the controls. This engenders a sense of powerlessness that leads to passive sabotage of initiatives intended to further the business...
March 29, 2012 Added by: Rafal Los
The OODA loop was invented by a military strategist, and the idea is that in order to win any given incursion you must go through your OODA loop faster than your opponent. Failing to do so can mean the difference between an incident and a catastrophic breach...
March 28, 2012 Added by: Infosec Island Admin
Cooperation in the form of Public Private Partnerships (PPPs) has evolved in many Member States. The European Commission has proposed concrete policy and regulations for improving the security and resilience of public telecommunications...
March 26, 2012 Added by: Ian Tibble
For all intents and purposes, penetration testing had become such a low quality affair that clients stopped paying for it unless they were driven by regulations to perform periodic tests of their perimeter "by an independent third party"...